Learn API testing in 10 minutes!!!

Details

Last Updated: Friday, 13 February 2015 10:53

Before going to API testing, let's first understand

What is an API?

API is an acronym for Application Programming Interface.

It enables communication and data exchange between two separate software systems. A software system implementing an API contains functions/sub-routines which can be executed by another software system.

What is API testing?

API testing is entirely different from GUI testing and mainly concentrates on the business logic layer of the software architecture. This testing won't concentrate on the look and feel of an application.

Instead of using standard user inputs(keyboard) and outputs, in API Testing, you use software to send calls to the API, get output, and note down the system's response.

API Testing requires an application to interact with API. In order to test an API, you will need to

Use Testing Tool to drive the API

Write your own code to test the API

Set-up of API Test environment

API testing is different than other testing as GUI is not available, and yet you are required to setup initial environment that invoke API with required set of parameters and then finally examine the test result.

What to test for in API testing

Discovery testing: The test group should manually execute the set of calls documented in the API like verifying that a specific resource exposed by the API can be listed, created and deleted as appropriate

Usability testing: This testing verifies whether the API is functional and user-friendly. And does API integrates well with another platform as well

Security testing: This testing includes what type of authentication is required and whether sensitive data is encrypted over HTTP or both

Automated testing: API testing should culminate in the creation of a set of scripts or a tool that can be used to execute the API regularly

Documentation: The test team has to make sure that the documentation is adequate and provides enough information to interact with the API. Documentation should be a part of the final deliverable

Best Practices of API Testing:

Test cases should be grouped by test category

On top each test, you should include the declarations of the APIs being called.

Parameters selection should be explicitly mentioned in the test case itself

Prioritize API function calls so that it will be easy for testers to test

Each test case should be as self-contained and independent from dependencies as possible

Avoid "test chaining" in your development

Special care must be taken while handling one time call functions like - Delete, CloseWindow, etc...

Call sequencing should be performed and well planned

To ensure complete test coverage, create test cases for all possible input combinations of the API.

Types of Bugs that API testing detects

Fails to handle error conditions gracefully

Unused flags

Missing or duplicate functionality

Reliability Issues. Difficulty in connecting and getting response from API.

Security Issues

Multi-threading issues

Performance Issues. API response time is very high.

Improper errors/warning to caller

Incorrect handling of valid argument values

Response Data is not structured correctly (JSON or XML)

Tools for API testing

Since API and unit testing both target source code, similar tools can be used for testing both.

SOAPUI

Runscope

Postman with jetpacks

Postman with newman

Curl

Cfix

Check

CTESK

dotTEST

Eclipse SDK tool- Automated API testing

Challenges of API Testing

Challenges of API testing includes:

Main challenges in API testing is Parameter Combination, Parameter Selection, and Call Sequencing

There is no GUI available to test the application which makes difficult to give input values

Validating and Verifying the output in different system is little difficult for testers

Parameters selection and categorization required to be known to the testers

Exception handling function needs to be tested

Coding knowledge is necessary for testers

Conclusion:

API consists of set of classes / functions / procedures which represent the business logic layer. If API is not tested properly, it may cause problems not only the API application but also in the calling application.